providers/session: Fix session cookie, make it more secure

2024-12-20 20:27:46 -05:00 · 2024-12-20 20:27:46 -05:00 · b9d55ad0b6
commit b9d55ad0b6
parent 2d5dbc50b3
1 changed files with 9 additions and 4 deletions
--- a/providers/session/session.go
+++ b/providers/session/session.go
@ -108,11 +108,16 @@ func (this *state) funcSessionHTTP (
 		result = session
 	}
 	cookie := &http.Cookie {
-		Name:    sessionIDCookieName,
-		Value:   result.ID().String(),
-		Expires: expiration,
+		Name:     sessionIDCookieName,
+		Value:    result.ID().String(),
+		Expires:  expiration,
+		Secure:   true,
+		HttpOnly: true,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
 	}
-	http.SetCookie(shttp.UnderlyingResponseWriter(res), cookie)
+	underlyingRes := shttp.UnderlyingResponseWriter(res)
+	http.SetCookie(underlyingRes, cookie)
 	return result, nil
 }